Product Manual
Page 1
Network Security Firewall User Manual DFL-210/ 800/1600/ 2500 DFL-260/ 860/1660/ 2560(G) Ver 2.27.01 SecurSiteycurity Network Security Solution http://www.dlink.com
Network Security Firewall User Manual DFL-210/ 800/1600/ 2500 DFL-260/ 860/1660/ 2560(G) Ver 2.27.01 SecurSiteycurity Network Security Solution http://www.dlink.com
Product Manual
Page 3
...DAMAGES OR LOSSES) RESULTING FROM THE APPLICATION OR IMPROPER USE OF THE D-LINK PRODUCT OR FAILURE OF THE PRODUCT, EVEN IF D-LINK IS INFORMED OF THE POSSIBILITY OF SUCH DAMAGES. User Manual DFL-210/260/800/860/1600/1660/2500/2560/2560G NetDefendOS Version 2.27.01 Published 2010-06-22 ...Copyright © 2010 Copyright Notice This publication, including all rights reserved. FURTHERMORE, D-LINK WILL NOT BE LIABLE FOR THIRD-PARTY CLAIMS AGAINST...
...DAMAGES OR LOSSES) RESULTING FROM THE APPLICATION OR IMPROPER USE OF THE D-LINK PRODUCT OR FAILURE OF THE PRODUCT, EVEN IF D-LINK IS INFORMED OF THE POSSIBILITY OF SUCH DAMAGES. User Manual DFL-210/260/800/860/1600/1660/2500/2560/2560G NetDefendOS Version 2.27.01 Published 2010-06-22 ...Copyright © 2010 Copyright Notice This publication, including all rights reserved. FURTHERMORE, D-LINK WILL NOT BE LIABLE FOR THIRD-PARTY CLAIMS AGAINST...
Product Manual
Page 30
... on a private network or the public Internet using a standard web browser. If communication with NetDefendOS secure. Setting the Workstation IP The assigned NetDefend Firewall interface and the workstation interface must be members of...1600 and 2500, the default management interface IP address is 192.168.1.1. • On the NetDefend DFL-1660, 2560 and 2560G, the default management interface IP address is assigned automatically by NetDefendOS to install client software. When performing initial connection to succeed so the connecting interface of a Default IP Address For a new D-Link...
... on a private network or the public Internet using a standard web browser. If communication with NetDefendOS secure. Setting the Workstation IP The assigned NetDefend Firewall interface and the workstation interface must be members of...1600 and 2500, the default management interface IP address is 192.168.1.1. • On the NetDefend DFL-1660, 2560 and 2560G, the default management interface IP address is assigned automatically by NetDefendOS to install client software. When performing initial connection to succeed so the connecting interface of a Default IP Address For a new D-Link...
Product Manual
Page 65
Hardware Monitoring Availability Certain D-Link hardware models allow the administrator to use the CLI to query the current value of each the sensor listing indicates that currently support hardware monitoring are the DFL-1600, 1660, 2500, 2560 and 2560G. Configuring and performing hardware monitoring...available: Enable Sensors Enable/disable all This can be done either through the CLI or through the Web Interface. Hardware Monitoring Chapter 2. The D-Link NetDefend models that the sensor is shown below: gw-world:/> hwm -a Name Current value (unit) SYS Temp = 44.000 (C) (x)...
Hardware Monitoring Availability Certain D-Link hardware models allow the administrator to use the CLI to query the current value of each the sensor listing indicates that currently support hardware monitoring are the DFL-1600, 1660, 2500, 2560 and 2560G. Configuring and performing hardware monitoring...available: Enable Sensors Enable/disable all This can be done either through the CLI or through the Web Interface. Hardware Monitoring Chapter 2. The D-Link NetDefend models that the sensor is shown below: gw-world:/> hwm -a Name Current value (unit) SYS Temp = 44.000 (C) (x)...
Product Manual
Page 75
...interface is destroyed and certified as VPN settings. The IP address 192.168.1.1 will be assigned to the default management interface LAN1 on the DFL-1600 and DFL-2500 models. The IP address 192.168.1.1 will be assigned to the LAN interface. The default IP address factory setting for the NetDefend... performed since the unit left the factory will continue to remove all stored user data. Then wait for the NetDefend DFL-1600, 1660, 2500, 2560 and 2560G To reset the DFL-1600/1660/2500/2560/2560G models, press any key on the keypad when the Press keypad to factory defaults should always...
...interface is destroyed and certified as VPN settings. The IP address 192.168.1.1 will be assigned to the default management interface LAN1 on the DFL-1600 and DFL-2500 models. The IP address 192.168.1.1 will be assigned to the LAN interface. The default IP address factory setting for the NetDefend... performed since the unit left the factory will continue to remove all stored user data. Then wait for the NetDefend DFL-1600, 1660, 2500, 2560 and 2560G To reset the DFL-1600/1660/2500/2560/2560G models, press any key on the keypad when the Press keypad to factory defaults should always...
Product Manual
Page 172
...network Y, traffic needs to be explained later). OSPF can achieve. OSPF is only available on the D-Link NetDefend DFL-800, 860, 1600, 1660 2500, 2560 and 2560G. OSPF depends on the DFL-210 and 260. Here we have two NetDefend Firewalls A and B connected together and configured to ...its own set of configuration control and scalability. OSPF can also provide a high level of just the updated information to its attached links and link costs to all other routers. Dynamic routing is not available on various metrics for path determination, including hops, bandwidth, load and...
...network Y, traffic needs to be explained later). OSPF can achieve. OSPF is only available on the D-Link NetDefend DFL-800, 860, 1600, 1660 2500, 2560 and 2560G. OSPF depends on the DFL-210 and 260. Here we have two NetDefend Firewalls A and B connected together and configured to ...its own set of configuration control and scalability. OSPF can also provide a high level of just the updated information to its attached links and link costs to all other routers. Dynamic routing is not available on various metrics for path determination, including hops, bandwidth, load and...
Product Manual
Page 174
... single, clearly defined routing policy controlled by routing IP packets based only on the NetDefend DFL-800, 860, 1600, 1660 2500, 2560 and 2560G. OSPF is described further in the AS. 174 Link-state Routing OSPF is only available on the destination IP address found in the AS (such... Routing metrics are routed "as is a routing protocol developed for this database, each NetDefend Firewall involved in any further protocol headers as a Link-state Database, which describes the various OSPF components. OSPF is required to be defined and it takes to move a packet from source to...
... single, clearly defined routing policy controlled by routing IP packets based only on the NetDefend DFL-800, 860, 1600, 1660 2500, 2560 and 2560G. OSPF is described further in the AS. 174 Link-state Routing OSPF is only available on the destination IP address found in the AS (such... Routing metrics are routed "as is a routing protocol developed for this database, each NetDefend Firewall involved in any further protocol headers as a Link-state Database, which describes the various OSPF components. OSPF is required to be defined and it takes to move a packet from source to...
Product Manual
Page 295
...efficient since a given user 295 Click the HTTP URL tab 4. Select Whitelist as shopping, news, sport, adult-oriented and so on the D-Link NetDefend DFL-260, 860, 1660, 2560 and 2560G. Click OK Simply continue adding specific blacklists and whitelists until the filter satisfies the needs. 6.3.4. The...retrieve the category of the URLs in the databases is global, covering websites in many different countries. Access to view its properties 3. Security Mechanisms 6. Enter */*.exe in many different languages and hosted on the recently created HTTP ALG to the URL can be allowed or ...
...efficient since a given user 295 Click the HTTP URL tab 4. Select Whitelist as shopping, news, sport, adult-oriented and so on the D-Link NetDefend DFL-260, 860, 1660, 2560 and 2560G. Click OK Simply continue adding specific blacklists and whitelists until the filter satisfies the needs. 6.3.4. The...retrieve the category of the URLs in the databases is global, covering websites in many different countries. Access to view its properties 3. Security Mechanisms 6. Enter */*.exe in many different languages and hosted on the recently created HTTP ALG to the URL can be allowed or ...
Product Manual
Page 309
... file transfer is enabled. Pattern Matching The inspection process is available only on downloads by specialized software installed on a per ALG basis. Security Mechanisms 6.4. The term "Virus" can determine, with a high degree of viruses if the Anti-Virus module is streamed through SMTP. Since...FTP ALG • The POP3 ALG • The SMTP ALG Note: Anti-Virus is recognized in files. It is focused on the D-Link NetDefend DFL-260, 860, 1660, 2560 and 2560G. 6.4.2. 6.4. Overview The NetDefendOS Anti-Virus module protects against servers, Anti-Virus scanning is available ...
... file transfer is enabled. Pattern Matching The inspection process is available only on downloads by specialized software installed on a per ALG basis. Security Mechanisms 6.4. The term "Virus" can determine, with a high degree of viruses if the Anti-Virus module is streamed through SMTP. Since...FTP ALG • The POP3 ALG • The SMTP ALG Note: Anti-Virus is recognized in files. It is focused on the D-Link NetDefend DFL-260, 860, 1660, 2560 and 2560G. 6.4.2. 6.4. Overview The NetDefendOS Anti-Virus module protects against servers, Anti-Virus scanning is available ...
Product Manual
Page 316
... to the base NetDefendOS license. 6.5.2. It is regularly updated with the NetDefend DFL 210, 800, 1600 and 2500. IDP does not come as a restricted subset of database signatures for all D-Link NetDefend models, including those that gives basic protection against IDP attacks. Security Mechanisms • Maintenance IDP Maintenance IDP is a subscription based IDP system...
... to the base NetDefendOS license. 6.5.2. It is regularly updated with the NetDefend DFL 210, 800, 1600 and 2500. IDP does not come as a restricted subset of database signatures for all D-Link NetDefend models, including those that gives basic protection against IDP attacks. Security Mechanisms • Maintenance IDP Maintenance IDP is a subscription based IDP system...
Product Manual
Page 470
... external IP addresses. Limiting the Connection Rate/Total Connections Limiting the Connection Rate Connection Rate Limiting allows an administrator to put a limit on the D-Link NetDefend DFL-800, 860, 1600, 1660, 2500, 2560 and 2560G. Limiting the Total Connections Total Connection Limiting allows the administrator to put a limit on the number of new...
... external IP addresses. Limiting the Connection Rate/Total Connections Limiting the Connection Rate Connection Rate Limiting allows an administrator to put a limit on the D-Link NetDefend DFL-800, 860, 1600, 1660, 2500, 2560 and 2560G. Limiting the Total Connections Total Connection Limiting allows the administrator to put a limit on the number of new...
Product Manual
Page 473
...with Internet access to as a server farm) that can handle many more requests than a single server. SLB is only available on all D-Link NetDefend models The SLB feature is a powerful tool that can improve the following aspects of network applications: • Performance • Scalability ...performance of applications but also scalability by a NetDefend Firewall. 473 Traffic Management 10.4. Note: SLB is not available on the D-Link NetDefend DFL-800, 860, 1600, 1660, 2500, 2560 and 2560G. The illustration below shows a typical SLB scenario, with an Action of servers (sometimes ...
...with Internet access to as a server farm) that can handle many more requests than a single server. SLB is only available on all D-Link NetDefend models The SLB feature is a powerful tool that can improve the following aspects of network applications: • Performance • Scalability ...performance of applications but also scalability by a NetDefend Firewall. 473 Traffic Management 10.4. Note: SLB is not available on the D-Link NetDefend DFL-800, 860, 1600, 1660, 2500, 2560 and 2560G. The illustration below shows a typical SLB scenario, with an Action of servers (sometimes ...
Product Manual
Page 482
... Issues, page 491 • Upgrading an HA Cluster, page 493 • HA Advanced Settings, page 495 11.1. One of the normal interfaces on the D-Link NetDefend DFL-1600, 1660, 2500, 2560 and 2560G. Special packets, known as the active unit in a cluster is actually processing all traffic. Chapter 11. The master and slave...
... Issues, page 491 • Upgrading an HA Cluster, page 493 • HA Advanced Settings, page 495 11.1. One of the normal interfaces on the D-Link NetDefend DFL-1600, 1660, 2500, 2560 and 2560G. Special packets, known as the active unit in a cluster is actually processing all traffic. Chapter 11. The master and slave...
Product Manual
Page 497
ZoneDefense This chapter describes the D-Link ZoneDefense feature. • Overview, page 497 • ZoneDefense Switches, page 498 • ZoneDefense Operation, page 499 12.1. Blocked hosts and networks remain blocked until the ... or all NetDefend models The ZoneDefense feature is only available on the total number of new connections being made per second, or on the D-Link NetDefend DFL-800, 860, 1600, 1660, 2500, 2560 and 2560G. 497 Thresholds are exceeding a defined connection threshold can be dynamically blocked using the Web or Command Line interface...
ZoneDefense This chapter describes the D-Link ZoneDefense feature. • Overview, page 497 • ZoneDefense Switches, page 498 • ZoneDefense Operation, page 499 12.1. Blocked hosts and networks remain blocked until the ... or all NetDefend models The ZoneDefense feature is only available on the total number of new connections being made per second, or on the D-Link NetDefend DFL-800, 860, 1600, 1660, 2500, 2560 and 2560G. 497 Thresholds are exceeding a defined connection threshold can be dynamically blocked using the Web or Command Line interface...
CLI Guide
Page 3
... disclaim any implied warranties of merchantability or fitness for any person of Liability UNDER NO CIRCUMSTANCES SHALL D-LINK OR ITS SUPPLIERS BE LIABLE FOR DAMAGES OF ANY CHARACTER (E.G. CLI Reference Guide DFL-210/260/800/860/1600/2500 NetDefendOS version 2.20 Published 2007-12-24 Copyright © 2007 Copyright Notice This publication, including...
... disclaim any implied warranties of merchantability or fitness for any person of Liability UNDER NO CIRCUMSTANCES SHALL D-LINK OR ITS SUPPLIERS BE LIABLE FOR DAMAGES OF ANY CHARACTER (E.G. CLI Reference Guide DFL-210/260/800/860/1600/2500 NetDefendOS version 2.20 Published 2007-12-24 Copyright © 2007 Copyright Notice This publication, including...
CLI Guide
Page 119
... 514) Specifies what facility is used for receiving emails for IDP events. LogReceiverSMTP Description An SMTP event receiver is used to receive log events from D-Link DFL Firewall") The hold time for the log receiver. (Identifier) The IP address of the log receiver. Specifies the which the log threshold must be ... Comments Specifies a symbolic name for an email to . LogReceiverSyslog Description A Syslog receiver is sent to be sent. (Default: 120) The amount of seconds the security gateway will have to occur within the hold time in the standard Syslog format. 3.31.3.
... 514) Specifies what facility is used for receiving emails for IDP events. LogReceiverSMTP Description An SMTP event receiver is used to receive log events from D-Link DFL Firewall") The hold time for the log receiver. (Identifier) The IP address of the log receiver. Specifies the which the log threshold must be ... Comments Specifies a symbolic name for an email to . LogReceiverSyslog Description A Syslog receiver is sent to be sent. (Default: 120) The amount of seconds the security gateway will have to occur within the hold time in the standard Syslog format. 3.31.3.